Commit Graph

35 Commits

Author SHA1 Message Date
Dario Tranchitella
16906db309 Validating Tenant also on UPDATE (#191) 2021-01-21 07:11:59 +01:00
Dario Tranchitella
51f5bec5a6 Fixing the IngressClass return logic breaking Hostnames check (#185) 2021-01-15 09:45:09 +01:00
Dario Tranchitella
d2700556dd Adding linters and aligning code (#169)
* Adding linters and aligning code

* Aligning ingressHostnames to AllowedListSpec
2021-01-13 23:49:11 +01:00
Paolo Carta
89c66de7c6 Implementing allowed Ingress hostnames (#162)
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
2021-01-13 22:18:09 +01:00
Maxim Fedotov
4dc92451ea IsInCapsuleGroup binary search is case-sensitive broken (#181)
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2021-01-05 13:10:27 +01:00
Dario Tranchitella
98e441f1e9 Enforcing Service external IPs (#161) 2020-12-11 19:17:46 +01:00
Dario Tranchitella
007bdff512 Only owner Tenant specification key is mandatory (#153)
* Only Tenant owner specification key is mandatory

* Increasing default timeout to avoid e2e flakiness on GH Actions

* Ensuring also empty Namespace annotations and labels
2020-12-11 15:47:29 +01:00
Dario Tranchitella
5aed7a01d5 Enforcing container registry via list or regex (#142)
Adding also NamespaceSelector to specific webhooks in order to decrease
the chance of breaking other critical Namespaces in case of Capsule
failures.
2020-11-24 00:40:40 +01:00
Dario Tranchitella
d3bc9f4870 Provide a more meaningful error message when not admitted Storage/Ingress Classes are used (#141)
* Providing further details on non allowed Storage Classes

* Providing further details on non allowed Ingress Classes
2020-11-17 23:44:08 +01:00
Maxim Fedotov
078588acb5 migrating service webhook to controller p1 (#130)
migrating service webhook to controller p2

migrating service webhook to controller p3. add tests

Using an abstract reconciler to avoid copy/paste code

update tests. remove service_labels webhook. fix bug in sync labels\endpoint func

apply review notes

disable EndpointSlicesLabelsReconciler for kubernetes versions <=1.16

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2020-11-10 19:43:30 +03:00
Dario Tranchitella
2c54d91306 Enforcing back tenant selection using closest match (#129) 2020-11-05 11:20:48 +01:00
Dario Tranchitella
e764b976aa Allowing dash on Tenant namespace (#118)
* Allowing dashes in the Tenant name as DNS RFC-1123

* Allowing force tenant prefix with Namespaces with dash
2020-10-31 19:43:46 +01:00
Maxim Fedotov
7ae1c0ae32 issues/115. fix endpoint creation for services with selectors when servicesMetadata is specified for tenant (#116)
apply review notes

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2020-10-31 15:10:08 +03:00
Dario Tranchitella
39d6638669 Duplicated code, can be easily removed (#119) 2020-10-31 12:50:51 +01:00
Dario Tranchitella
ee6e3aa0df Using matrix strategy for e2e on multiple k8s versions (#111)
* Using matrix strategy for e2e on multiple k8s versions

* EndpointSlice version support according to Kubernetes release

* Utility helper for testing various Kubernetes versions
2020-10-29 09:39:22 +01:00
Dario Tranchitella
a7f7c00558 Supporting ingresses.networking.k8s.io/v1 (#110)
* Updating to controller-runtime v0.7.0-alpha.4 and k8s 0.19.3

* Implementing ingresses.networking.k8s.io/v1

* Aligning to latest zap signatures
2020-10-23 21:19:14 +02:00
Dario Tranchitella
b0310cd42f Handling all the events from Storage and Ingress classes (#108) 2020-10-17 14:40:07 +02:00
Maxim Fedotov
d0028d483b Fix null pointer exception in Ingress validating webhook (#94)
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2020-09-15 11:54:52 +02:00
Maxim Fedotov
875650f185 Regexp support for Ingress and Storage classes (#89)
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2020-09-15 11:08:14 +02:00
Maxim Fedotov
303fc4d69c Support Groups as Subject Kind for Tenant Namespace RoleBindings created by Capsule (#71)
Modified CRD to support Owner struct.

Added Tenant name validation webhook.

Rewrote owner_reference hook logic.

Updated and added new e2e tests.

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2020-09-10 17:02:22 +02:00
Dario Tranchitella
f4c41985d8 Using pointers and internal handler for Namespace OwnerReferences (#86)
* Using pointers and internal handler for Namespace OwnerReferences

* Missing go fmt
2020-09-10 15:27:27 +02:00
Maxim Fedotov
e8362f739f Add Service labelling and annotating webhook (#84)
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2020-09-10 11:56:51 +02:00
Dario Tranchitella
a4b0c0fe27 Using HTTP handlers as closures (#82)
* Using HTTP handlers as closures

* Avoiding variable shadowing

* Optimizing Ingress webhook

* Missing license header
2020-09-09 13:33:25 +02:00
Maxim Fedotov
a99153cbe7 Add protected-namespace-regex (#73) 2020-09-02 12:43:02 +02:00
Maxim Fedotov
164431959c Add capsule-user-group CLI flag (#67)
* add capsule-user-group param

* Implementing RBAC controller

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
2020-09-01 12:15:48 +02:00
Dario Tranchitella
0f935d53b7 Giving priority to IngressClassName rather than annotation (#64)
* IngressclassName has priority over Annotation

* Covering further cases for the Ingress Class

* Forcing to use 1.18 during e2e tests
2020-08-22 12:34:53 +02:00
Dario Tranchitella
9969864141 Scaffolding e2e testing (#56)
* Implementing generic e2e features

* Adding changes upon e2e benchmarking
2020-08-21 14:55:48 +02:00
Dario Tranchitella
1767bcee12 Implementing Capsule certificate validation (#44) 2020-08-07 16:19:23 +02:00
Dario Tranchitella
38cd3be71a Programmatic Tenant prefix for the Capsule namespaces (#41) 2020-08-07 10:25:05 +02:00
Dario Tranchitella
e8307e773b NetworkPolicy validating webhook logic was the opposite (#35) 2020-08-05 12:00:36 +02:00
Dario Tranchitella
5d20d515a7 Migrating from OperatorSDK 0.18 to 0.19 (#23) 2020-08-04 16:30:28 +02:00
Dario Tranchitella
9db30c6e81 Fixing the ResourceQuota update (#15)
* Fixing the ResourceQuota update

* Using goroutines to parallelize and speed up ResourceQuotas processing
2020-07-30 15:22:43 +02:00
Dario Tranchitella
fef3607ecf Implementing Capsule Tenant ownership predicate for Namespace Controller (#13)
* Implementing Capsule OwnerRef predicate

* Sorting imports
2020-07-28 11:45:39 +02:00
Dario Tranchitella
bd7218ba44 Avoiding TLS/CA race condition on Capsule installation (#7)
* Avoiding race condition on Capsule installation

The TLS Secret controller needs to wait for the CA one in order to
retrieve the updated one, otherwise it could use a non-stored CA.

* Linting

Minor linting fixes

* Makefile for Docker Image

Providing `make docker-image` to speed-up generation of Docker image
2020-07-25 17:21:36 +02:00
Dario Tranchitella
812b16fcff Initial commit 2020-07-24 10:57:51 +02:00